From 759a9c7c0c088b1e65d22500bd66ffbae71f70ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Fri, 13 Oct 2023 06:08:26 +0200
Subject: [PATCH] conduit: Fix acme issue

letsencrypt will prod on port 80 to verify the domain. `listen`
overrides `addSSL`, so none of the NixOS modules' setup will actually
work.

This means the conduit virtualhost never listened on port 80, and
couldn't verify letsencrypt requests.

How this *ever* worked is beyond me, but this commit resolves the
problems (don't worry, `forceSSL` does what it says on the tin and
overrides the `listen` again).
---
 configuration/services/conduit.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/configuration/services/conduit.nix b/configuration/services/conduit.nix
index 8257592..6c84705 100644
--- a/configuration/services/conduit.nix
+++ b/configuration/services/conduit.nix
@@ -183,6 +183,14 @@ in {
     enableACME = true;
 
     listen = [
+      {
+        addr = "0.0.0.0";
+        port = 80;
+      }
+      {
+        addr = "[::0]";
+        port = 80;
+      }
       {
         addr = "0.0.0.0";
         port = 443;
@@ -200,12 +208,12 @@ in {
       }
       {
         addr = "[::0]";
-        port = 8488;
+        port = 8448;
         ssl = true;
       }
     ];
 
-    addSSL = true;
+    forceSSL = true;
     extraConfig = ''
       merge_slashes off;
       access_log /var/log/nginx/${domain}/access.log upstream_time;